Posted by timothy on Sunday January 10, 2016 @10:33AM from the perfect-for-your-carnivore-word-salad dept.

An anonymous reader writes: David Chaum, father of many encryption protocols, has revealed a new anonymity network concept called PrivaTegrity. Chaum, on whose work the Onion protocol was based, created a new encryption protocol that works as fast as I2P and the Onion-Tor combo, but also has better encryption. The only downside, according to an interview, is that he built a backdoor into the darn thing, just to please governments. He says that he's not going to use the backdoor except to unmask crime on the Dark Web. Here's the research paper (if you can understand anything of it).

Yeah, your view isn't universal. There are people out there trying to trace dissidents and political opponents electronically because those dissidents know they'll be in jail for a long time or killed if caught. That law enforcement "should" only get involved when dissent becomes violent is a nice thought, but in China the police become involved if you happen to mutter that the local cops are corrupt, or if someone mentions that you practice meditation and believe that materialism isn't the bees knees.

and this would protect against groupthink powered populist witchhunts how exactly? These days, most governments are more than willing to 'cooperate' when dealing with dissent in any one of their countries (eg: multilateral surveillance to get around civil protections). It would be relatively easy to put the squeeze on those nine people. It's hard enough to both design and implement crypto correctly as it is. It's a waste of time to bother implementing purposely compromised crypto.

Three keys for satellites up in the sky
Seven for the hackers, in their mommies' homes
Nine keys for sysadmins in collusion with the spies
One for the Dark Lord, in his Oval Office.
In the land of Bruce, where the Schneier lies.
One key to crack them all, one key to find them
One key to bring them all and in the HSM bind them.
In the land of Bruce, where the Schneier lies.

Private citizens who care won't use this because they care about not having their communications intercepted. Big bad government won't use this because they care about not having foreign intelligence intercepting their communications, but will happily spy on anything they can get.

Botnet operators rejoice at the birth of another avenue for hard to kill C&C.

The key requirement for a global communications system is interoperability. You need to be able to talk with anyone you want/need, without great difficulty. The traditional solution is a central command/control hub that is susceptible to spying. People are still working on a decentralized system that isn't.

Is he claiming he found a way to safely have backdoored communications?

Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

Is he claiming he found a way to safely have backdoored communications?

Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

Or, another way to put it, a government needs to compromise only those 9 users to gain unlimited access to all encrypted communications through the system.

That's like the UN Security Council. If China, France, Russian Federation, the United Kingdom, and the United States agree, they can do what they want.

That would probably mean their police agencies deciding among themselves.

Let's look at real cases.

If you had a news service, like Wikileaks, that managed to annoy all of them (as a good news organization should do), they could agree to go after that news organization.

And what are the politically-correct grounds for using the back door? Child pornography? Human trafficking? Tax evasion? Drug dealing? Bribery? Terrorism? Capital crimes? Weapons of mass destruction? Waging war?

What if Miss "A" claims that Julian Assange raped her on one night, though she had enthusiastic sex the nights before and after?

Yup. I think you summarized it pretty well. However, the point is to provide a channel of secure communication that requires a relatively high barrier to overcome. The alternative is for these same governments to ban secure communication completely. You make the call.

The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on.

Is he claiming he found a way to safely have backdoored communications?

Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

Just because something is criminal does not mean it should be criminal per our system of morals and ethics. Free speech in China or Saudi Arabia, for example.

As well, governments will cooperate on issues that may not be illegal but are inconvenient to them, for whatever reason.

Is he claiming he found a way to safely have backdoored communications?

Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

Just because something is criminal does not mean it should be criminal per our system of morals and ethics. Free speech in China or Saudi Arabia, for example.

As well, governments will cooperate on issues that may not be illegal but are inconvenient to them, for whatever reason.

You place too much confidence in government doing the right thing.

Actually I have absolute confidence that most governments will do the wrong thing. But if a system exists for which a diverse set of governments must agree, then doing anything, right or wrong, is more difficult. Not impossible, just difficult.

Is he claiming he found a way to safely have backdoored communications?

Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

Just because something is criminal does not mean it should be criminal per our system of morals and ethics. Free speech in China or Saudi Arabia, for example.

As well, governments will cooperate on issues that may not be illegal but are inconvenient to them, for whatever reason.

You place too much confidence in government doing the right thing.

Actually I have absolute confidence that most governments will do the wrong thing. But if a system exists for which a diverse set of governments must agree, then doing anything, right or wrong, is more difficult. Not impossible, just difficult.

Point taken - I just don't think it's going to be very difficult at all to find drivers for nine governments to agree on. I figure that for the majority of requests made by a particular government for information on a particular person, the other eight are most likely to not give a shit at all and will just provide the keys and say "you owe me one".

Is he claiming he found a way to safely have backdoored communications?

Nope. He is claiming he has implemented a method requiring multiple key servers to unanimously decide to work together to decrypt a message.

Specifically there are nine servers, all of which must be used together. If 8 of the 9 wish to decrypt something but 1 chooses not to assist, the message can not be decrypted.

He then suggests in his opinion that if those nine servers are spread around the world such that each is controlled by a different democratic government, it would follow that all nine of those governments must then agree the message in question needs to be decrypted.

So far as the axiom holds that "technology can do nothing except enforce a policy" - he is correct.

The question remains about those policies of course, not just at the time the nine servers are deployed and used but also for all time into the future. Something he states no opinion on, which is also probably wise. My own cynicism has great doubts about that as well.

It's also worth pointing out that at least in the alpha stage of testing the protocol is currently in, this backdoor really is a "US backdoor", as for testing purposes all nine of those key servers are hosted within amazon cloud, so all under control of the same government. During development testing this is fine, but the people testing the protocol should be absolutely aware of this fact. Test the other aspects of the protocol, assure the protocol as implemented matches exactly the theory. Find and fix bugs. But it is not to be used for trusted communications yet.

The next major hurdle of course is the very policies that need to be drafted and in place before the servers are codified to enforce them. You know how governments and policies can be some times. It very well may be the case the policies never actually make it to a state anyone agrees is worth using, making the protocol a bit useless, even if not at the fault of the protocol itself.

He then suggests in his opinion that if those nine servers are spread around the world such that each is controlled by a different democratic government, it would follow that all nine of those governments must then agree the message in question needs to be decrypted.

What if one of those "democratic governments" is the U.S.? Then it is just one government sending eight agents overseas, each with a $5 wrench, to "persuade" the other operators to "agree" that the message must be decrypted. They don't need to go to those governments, they just need to get the guy sitting at the terminal.

Agreed.

Maybe if all the people claiming to be the "good guys" actually followed the rule of law, that may not be a problem. But unfortunately that is not the case so we will never really know.

It would be great if the US, and in fact all of the "5 eyes", were not included due to not being democratic, but I don't expect for a second that will be the case.

A second best option would be for the "5 eyes" to count only as one, but that is still vulnerable to the lack of rule of law as you point out.

You haven't studied history, particularly regarding the Cold War or even the more recent NSA+Russia+Germany+UK+China intelligence exchanges. The governments do not need to agree on anything yet they come to an awful lot of agreements. Captured spies were continuously interchanged as did communication between the administrations. All the public ever saw was a "Cold War" where governments didn't talk or agree yet in the background they collaborated quite often to their mutual benefit. If governments control t

Today Russia and the US agree on nothing in private or in the public domain. Both sides have backed themselves into a corner where any maneuver towards a reconciliation in relations is nearly impossible. The Cold War era looks like a love and admiration festival when compared to today's international relationships.

It's just cheaper to use the Russians to ferry personnel and supplies to the space station. It's not that the Russians are doing something the US can't do if they needed or wanted to. There is no reason the US government should spend billions of dollars on something where there are much cheaper options. Plus no matter how bad relations get Russia wants to avoid politicizing if at all possible because it generates a lot of hard currency that they desperately need especially since the price of oil has tanked.

Nope. He is claiming he has implemented a method requiring multiple key servers to unanimously decide to work together to decrypt a message. Specifically there are nine servers, all of which must be used together. If 8 of the 9 wish to decrypt something but 1 chooses not to assist, the message can not be decrypted.

So far so good. But there's only two ways this works, either it's closed source, black box and absolutely not to be trusted or you can do:

    // encryptForTheNine( decryptionKey )
    encryptForTheNine( someString() )

At least I don't know any algorithm that can prove the correct decryption key is embedded without actually decrypting the message. So you go through nine jurisdictions, get a court warrant in each and find the decryption key is 0xDEADBEEF. Then what? It only works if you make tampering with the backdoo

Now I admit I didn't do more than speed-read the first bit of the linked paper for this protocol, but at first glance it looks to utilize three separate "encryption wrapper" stages, where having a known static key embedded would only defeat one of those three.

I can't say if that is enough to do as you claim however maybe you're right.

So you go through nine jurisdictions, get a court warrant in each and find the decryption key is 0xDEADBEEF. Then what?

The next major hurdle is convincing people to actually use this. Regular users who have no clue will just stick to FB messenger etc, which doesn't have end-to-end encryption and isn't going to get it. And people who understand how it works and care about their privacy would never use something like this.

The only way this would be even remotely useful is if governments actually start banning services with no backdoors. But if they do, I very much doubt they'll stop at "backdoor, but requires cooperation of o

Oh yes! The world will be a better place when governments are aided by secure communications developers in fighting crimes like apostasy, being gay, etc., and whatever new "crimes" might be defined out of thin air in the future.

I'm sure the criminals that will be brought to justice, and hanged, shot and stoned will understand the wisdom of this move.

What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.

So you would prefer to trust someone that promises that there is no back door (like, say, Juniper, AT&T, etc), or someone that states up front that there is one that requires multi-national agreement to use?

No. You're jumping to a conclusion that there isn't also another solution which is freedom friendly and the sources/protocol is open/available. I'd rather have something that is not back-doored and is open and trustworthy.

What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.

While I'll grant that you're partially justified by the ridiculously bad summary, your takeaway is dead wrong.

First, having just skimmed through the article and the (very interesting!) paper, let me point out why the summary is ridiculously bad. Chaum's protocol does not include a backdoor, and certainly not "just to please governments".

What Chaum did was to describe a really cool anonymous routing and communications protocol, with a number of highly desirable properties. The biggest one is that his protocol is designed to be secure against nation state access, unlike Tor. It should also be quite a bit faster than Tor because communications require no public key cryptographic operations; everything is done with very-fast symmetric crypto, building on top of a precomputed homomorphic encryption. Making this scheme work, though, depends on the existence of a trusted third party (TTP).

In general, relying on a TTP is problematic in contexts where there isn't any obvious person or organization who could be trusted. And for a global communications network that will be used by lots of people and which many governments might like to penetrate, and which in fact is specifically focused on trying to prevent penetration by nation states, there clearly exists NO such single party.

Chaum's solution to the problem of how to trust when no one is trustworthy (a common problem in security design, actually) is to distribute the trust (a common solution, though Chaum's implementation is particularly clever). By arranging things so that the TTP role is spread across many different nations, each of which is fairly trustworthy except in particular areas, and selecting those nations so the areas in which they're untrustworthy are different, and designing the cryptography so that any abuse of the TTP role requires willing participation of 100% of said nations, it may be possible to construct a TTP which is trustworthy in the aggregate, even though no individual member is fully trustworthy.

This is a very clever solution to what I would have said is a completely intractable problem.
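The "nine servers, all of which must be used together" post above and this one both describe the same primitive: trust split across n parties such that abuse needs all n to cooperate. The following is an added illustration written for this thread, not PrivaTegrity's own construction (the paper's scheme is different and more elaborate). It uses the simplest n-of-n scheme, XOR secret sharing of a message key, to show two things a defender cares about: with all nine shares the key is recovered, and with only eight the shares are consistent with every possible key, so they leak nothing. The key value, the share count and the function names are constructed for the example.

```python
import secrets

# Added illustration, not PrivaTegrity's real construction: n-of-n XOR secret
# sharing, the simplest way to get the "all nine must cooperate" property
# discussed in the thread. Constant and function names are this example's own.

N_SERVERS = 9  # the nine administrators/servers discussed in the thread


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int = N_SERVERS) -> list:
    """Split `key` into n shares such that all n are needed to recover it.

    Shares 1..n-1 are uniformly random; share n is key XOR (all other shares).
    Any proper subset of the shares is itself uniformly random, so it reveals
    nothing about the key.
    """
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for s in shares:
        last = xor_bytes(last, s)
    shares.append(last)
    return shares


def reconstruct(shares: list, n: int = N_SERVERS) -> bytes:
    """Policy enforcement point: refuse unless exactly n shares are presented.

    With fewer than n shares the XOR is still computable, but it is just a
    random string; the explicit check makes the "8 of 9 is not enough" rule
    visible and auditable rather than implicit.
    """
    if len(shares) != n:
        raise PermissionError(f"{len(shares)} of {n} shares presented; all {n} required")
    out = bytes(len(shares[0]))
    for s in shares:
        out = xor_bytes(out, s)
    return out


def share_that_would_yield(candidate_key: bytes, partial_shares: list) -> bytes:
    """Given n-1 shares, return the missing share that would make the
    reconstructed key equal `candidate_key`.

    Such a share exists for EVERY candidate, which is exactly why n-1 shares
    carry no information about which key is the real one (and why the
    security of the whole scheme collapses to the security of the n-th share
    holder once the other n-1 are compromised).
    """
    out = candidate_key
    for s in partial_shares:
        out = xor_bytes(out, s)
    return out


if __name__ == "__main__":
    # Constructed sample key (not a real key from the paper or the project).
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    shares = split_key(key)
    print("all 9 shares  ->", reconstruct(shares).hex())
    eight = shares[:8]
    try:
        reconstruct(eight)
    except PermissionError as e:
        print("8 of 9 shares ->", e)
    # Every candidate key is equally consistent with the eight shares.
    for cand in (key, bytes(16), bytes.fromhex("deadbeef" * 4)):
        ninth = share_that_would_yield(cand, eight)
        assert reconstruct(eight + [ninth]) == cand
    print("eight shares are consistent with any candidate key: no information leaked")
```

The `reconstruct` guard is where the "technology can only enforce a policy" observation lands: the cryptography makes eight shares useless, but who holds each share, under which jurisdiction, and on whose infrastructure (all nine on one cloud provider during testing, as noted above) is the policy layer the code cannot enforce.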

It's clever, but it has a huge weakness. Say you distribute the TTP over 9 servers in different countries. Sounds good, but what you really need is 9 administrators in different countries who are unlikely to collude. If they do ever collude, you are screwed. Also, if they all get hacked, you are screwed. Considering what we know of NSA/GCHQ hacking, that isn't an insignificant risk. They would be targeting any servers involved in something like this with zero day exploits, HUMINT and more.

I would say look to his straight-up crypto work/research as useful/interesting, and he did much useful work there, but I think in terms of proposing technology for Consumer usage / addressing political issues I think he was out of his league.... E.g. Digicash failure.

Not having the good sense to recognize that people concerned enough about privacy to encrypt their messages want end to end security of communications, not a backdoored communications network.

Then anyone using it would likely have to be coerced to use it. Then when some piece needed to be decrypted the likely result would be a message encrypted with another tool that the user has done their damnedest to ascertain has no back door.

Wow good job, we've found a way to bloat data packets even further. Up the bandwidth!

Mr. Chaum has clearly underestimated the resolve of governments around the world. If needed, they will coerce the holder(s) of the key(s) to get what they want. Anyone that has even part of the key to the backdoor is going to put a giant bull's eye on themselves and their loved ones.

a better idea would be to take the improvements made and upgrade the Tor protocol.

Yes the 1950-90's is filled with stories about 5 eye nations getting to complex hardware codes used by a lot of nations embassies. https://en.wikipedia.org/wiki/... [wikipedia.org]
Within advanced factories in "neutral" nations the issue was worked on until the Western powers had plain text from every complex crypto device offered for sale.
Western governments do not stop until they have the plain text from any product or service on the market as designed, sold, used and upgraded over any decade.
The UK has its "Draft Com

Kudos to David for disclosing that but what was he thinking adding in a backdoor?

Sounds like he hoped to cash in on some government contracts (possibly some sales for CEOs looking to snoop in on employees) but the fact is companies selling equipment and software with back doors on balance are losing market share globally due to national security concerns (ask tech companies like Cisco that were in bed with the NSA how their sales are doing in China these days)

My understanding is the so-called "backdoor" is inherent to the way the cryptography works --- it's not so much a backdoor, as it is a disclosure that if all the servers keys become known, a third party could break the privacy; "backdoor" is just a consequence of the design that is also what causes the performance improvement, and knowing what the "backdoor" is does not allow it to be removed (without you having to design a new protocol and altogether new system).

Chaum is also building into PrivaTegrity another feature that’s sure to be far more controversial: a carefully controlled backdoor that allows anyone doing something “generally recognized as evil” to have their anonymity and privacy stripped altogether.

Whoever controls that backdoor within PrivaTegrity would have the power to decide who counts as “evil” - too much power, Chaum recognizes, for any single company or government. So he’s given the task to a sort of council system. When PrivaTegrity’s setup is complete, nine server administrators in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications.

So... my question would be... Quis custodiet ipsos custodes? [wikipedia.org] who will appoint, monitor and document the decisions of these administrators and if necessary revoke their anointed status as the determiners of what is or isn't acceptable evil (e.g. is sharing a commercial movie evil enough to attract the attention of "the nine" [amazon.com]... how about a casual statement calling for the non-constitutional overthrow of a government... clearly child porn would be considered evil, but what would the cut off age be, 16, 17 or 18... would planning to blow up a public facility in a western country be more evil than threatening to blow up a public facility in a country already mired in a civil war)? Will they be accuser, prosecutor, judge and jury? who will take cases to them and which legal system will apply... can they be sued in the event that they err? what will keep them beyond reproach and will their decisions be made public? will it be possible to appeal their decisions?

Nine governments in agreement sounds like an unlikely scenario regardless what the topic is.

Except where there is something in it for them. Like when they say if you agree to open the door when I want something, then I will open the door when you want something. Maybe we just all agree to leave the door open all the time for convenience.

Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.

The fact is there are a lot of people who wish to do as much harm as they can. We have always had well-poisoners in our midst but thanks to current and near-future technology, their ability to do great harm to great numbers of people is increasing dramatically. I've said this before but here it is again. Tell me I am wrong:

1) The number of technologies that can cause serious, deadly harm to humans and other living things is going up.

2) The number of substantively different or novel attacks that technolog

From the Wired article: "Chaum argues that PrivaTegrity's setup is more secure than Tor, for instance, which passes messages through three volunteer computers which may or may not be trusted."

...unlike this PrivaTegrity thing, which requires you to 100% trust a FIXED set of 9 volunteer computers (which apparently cannot be trusted not to collude against you). At least TOR's security model TAKES into account the possibility of malicious nodes (which is the whole reason why messages are onion-encrypt

Now that the backdoor has been revealed, it certainly won't be considered as a TOR upgrade, and governments and individuals are now fully aware (or should be) of what a backdoor actually means will steer clear of it. We know of at least one government that will strong-arm the other 8 into doing whatever is asked of them. Let's hope Chaum's project dies an early death.

Simpler than that: Make all encryption 100% secure. Only Alice and Bob can read the data.

If law enforcement wants access to the data for crime purposes, THEY GET A WARRANT for either Alice or Bob that demands they decrypt, and Alice and Bob have their normal rights to fight the demand in court, and failure to comply is risking contempt of court.

If Alice or Bob are not in your jurisdiction, then it's none of your fucking business. Go ask the country they are in to do it.

As amusing as that thought is, you don't need a focus group, just look at the anon coward posts in literally every single story that complain about not spelling out common 30 year old technical terms - like TCP or DOS. They even bitch that a link to wikipedia is too much work for them.

Granted that just raises the question "Why are we listening to ACs?", but sadly these people are not made up boogiemen, and their numbers seem to be on the rise:/

No, it is calling Alice by the name Bob, without knowing that fact. To hear you tell it, when people on TV have their face blacked out and voice modified, but have a subtitle "Bob", that somehow identifies the person as Alice. In other words, you are an idiot.

Your argument against pseudonymity appears to be anonymity is 100% or nothing at all, which... again... is not the case with anonymity. I can be anonymous to some without being anonymous to all. Of course, all of this is moot since when you post enough times from the same IP your identity can be discerned (Even with NAT). Ergo, by your definition, AC isn't anonymous either, especially if you are logged into an account and check the "Post as AC" checkbox.

"Err... you know that when someone appears on television with their name blacked out, their face in shadow and their voice modified, they are not really 'anonymous', right? Because the person who is interviewing them has verified their identity and is withholding it."

Again, this cuts to the core of your lack of understanding of anonymity. It isn't all or nothing. When I check the Post as AC I have increased anonymity. Slashdot still knows who posted it, but you don't. I am not anonymous to Slashdot and

" Because next time I see your name against a comment, I will remember these comments and be able to be reasonably sure you are the same person who made them."

That shows, once again, how little you understand anonymity. How do you know my little sister didn't post using the same account, or maybe I posted the Slashdot user name and password for a number of different people to use?